CVE-2026-4541 | janmojzis tinyssh up to 20250501 Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification (Issue 101)

VDB-352358 · CVE-2026-4541 · ISSUE 101 JANMOJZIS TINYSSH UP TO 20250501 ED25519 SIGNATURE CRYPTO_SIGN_ED25519_TINYSSH.C SIGNATURE VERIFICATION HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 2.3 $0-$5k 1.91+ Summaryinfo A vulnerability was found in janmojzis tinyssh up to 20250501. It has been declared as problematic. The affected element is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. Such manipulation leads to signature verification. This vulnerability is listed as CVE-2026-4541. The attack must be carried out locally. In addition, an exploit is available. It is recommended to upgrade the affected component. Detailsinfo A vulnerability was found in janmojzis tinyssh up to 20250501. It has been rated as problematic. Affected by this issue is some unknown processing of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. The manipulation with an unknown input leads to a signature verification vulnerability. Using CWE to declare the problem leads to CWE-347. The product does not verify, or incorrectly verifies, the cryptographic signature for data. Impacted is integrity. The advisory is available at github.com. This vulnerability is handled as CVE-2026-4541. The exploitation is known to be difficult. Local access is required to approach this attack. Technical details as well as a public exploit are known. The exploit is available at github.com. It is declared as proof-of-concept. Upgrading to version 20260301 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 9c87269607e0d7d20174df742accc49c042cff17 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Vendor janmojzis Name tinyssh Version 20250501 License open-source Website Product: https://github.com/janmojzis/tinyssh/ CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 2.5 VulDB Meta Temp Score: 2.3 VulDB Base Score: 2.5 VulDB Temp Score: 2.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Signature verification CWE: CWE-347 / CWE-345 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: No Availability: 🔒 Access: Public Status: Proof-of-Concept Download: 🔒 Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: tinyssh 20260301 Patch: 9c87269607e0d7d20174df742accc49c042cff17 Timelineinfo 03/01/2026 Countermeasure disclosed 03/21/2026 +20 days Advisory disclosed 03/21/2026 +0 days VulDB entry created 03/21/2026 +0 days VulDB entry last update Sourcesinfo Product: github.com Advisory: 101 Status: Confirmed Confirmation: 🔒 CVE: CVE-2026-4541 (🔒) GCVE (CVE): GCVE-0-2026-4541 GCVE (VulDB): GCVE-100-352358 scip Labs: https://www.scip.ch/en/?labs.20161013 Entryinfo Created: 03/21/2026 16:15 Changes: 03/21/2026 16:15 (63) Complete: 🔍 Submitter: pythok Cache ID: 99:2B9:101 Submitinfo Accepted Submit #774687: GitHub tinyssh 20250501 Cryptographic Issues (by pythok) Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸